Xxe

2022-09-2318:15:00

PRIOn knowledge base

www.prio-n.com

ibm

sterling

partner

engagement

manager

xml

external

entity

injection

vulnerability

attack

remote

attacker

sensitive

information

memory

resources

x-force

nvd

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.6%

JSON

IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 230017.

CPENameOperatorVersion
sterling_partner_engagement_managereq6.2.1.0
sterling_partner_engagement_managereq6.2.1.0
sterling_partner_engagement_managerge6.2.0.0
sterling_partner_engagement_managerlt6.2.0.4
sterling_partner_engagement_managerge6.2.0.0
sterling_partner_engagement_managerlt6.2.0.4
sterling_partner_engagement_managerge2.0
sterling_partner_engagement_managerlt6.1.2.6
sterling_partner_engagement_managerge2.0
sterling_partner_engagement_managerlt6.1.2.6

Name	Operator	Version
sterling_partner_engagement_manager	eq	6.2.1.0
sterling_partner_engagement_manager	eq	6.2.1.0
sterling_partner_engagement_manager	ge	6.2.0.0
sterling_partner_engagement_manager	lt	6.2.0.4
sterling_partner_engagement_manager	ge	6.2.0.0
sterling_partner_engagement_manager	lt	6.2.0.4
sterling_partner_engagement_manager	ge	2.0
sterling_partner_engagement_manager	lt	6.1.2.6
sterling_partner_engagement_manager	ge	2.0
sterling_partner_engagement_manager	lt	6.1.2.6